#41. Posted:
KaplanCrunch
  • TTG Addict
Status: Offline
Joined: Mar 01, 2010 (14 Year Member)
Posts: 2,223
Reputation Power: 101
brov516 wrote AMAZING post. You should clean it up like put caps and colors and it for sure will get a sticky.


-brov
my make it bigger and stuff won't work at all
#42. Posted:
RayWilliamJohnson
  • TTG Addict
Status: Offline
Joined: Apr 15, 2010 (14 Year Member)
Posts: 2,332
Reputation Power: 89
this looks like one big copy and paste but needs to be sticky.
#43. Posted:
KaplanCrunch
  • TTG Addict
Status: Offline
Joined: Mar 01, 2010 (14 Year Member)
Posts: 2,223
Reputation Power: 101
x_Lord_Pavey_x wrote this looks like one big copy and paste but needs to be sticky.
I said I did at the bottom but I figure it would help out the community
#44. Posted:
TGE_Jesse
  • TTG Senior
Status: Offline
Joined: Jun 25, 2010 (14 Year Member)
Posts: 1,557
Reputation Power: 70
jpk98 wrote Hello there, you are looking at my massive tut on how to jtag an xbox from start to finish. If you want to jtag your console and don't know where to start, this is where you wanna be!

UPDATE: This tutorial is now fully updated so that you need one and only one program... iHc NandTool, developed by me. A full list of features and updates on iHc NandTool can be found here: [ Register or Signin to view external links. ]

Download link for iHc Xbox 360 (update it and you get signup free access to iHc NandTool) can be found here: [ Register or Signin to view external links. ]

YOU NEED .NET FRAMEWORK 3.5 OR ABOVE FOR THE PROGRAM TO WORK!: [ Register or Signin to view external links. ]

UPDATE: Using NAND-X feature has been added

UPDATE2: My iHc NandTool is used instead to make it easier

So let's begin....

This tut will be done on a xenon console and the jtag wiring (diodes) will be different for other revisions, other than that it will always be the same

This is gonna be long, compacted and you are gonna need a lot of things.

Requirements


Parts list and quantities from maplins (UK) - (you can get from alternative sources if you wish)


They're the physical parts ^^^ now some things you need in your house...

A tidy work area:

A computer with one of these badboy ports (LPT port, usually used for printers)

A victim to exploit:

So an overview of the above... This is what you need:
x6 100 ohm Resistors (dependent on your computer (get them to be safe))
x3 Switching Diodes
1m of Cat 5 ethernet cable
A PC with a LPT port
Some solder and a soldering iron

Now you are ready to jtag your console (besides the software downloads... we'll do them later)




NEW: NAND-X ALTERNATIVE TUTORIAL




So, we have the parts we need? Let's get to installing the new exploit wiring

Installing JTAG Wiring

So first off we need to open the xbox and remove the motherboard from the casing... the console I have had RROD so I will remove the heatsinks as well but you don't need to do that.

To open the XBOX you will need a T8 and a T10 screwdriver along with a very small (1.2MM) flathead screwdriver... I do not have a tut on how to open it but if anyone has a good video feel free to post it and I will use it.

Now you have removed the motherboard, chuck all the junk off your clean workspace and put the motherboard on there... first off we want to know where we are working... look at this picture below:

wiring is spelt like this <<< I am aware lol

That is the area where we will be working and I added some quick lines (took me ages really ¬¬) to show where we will have to solder to for the jtag hack to work.

Now we are going to install the two diodes and the jump wire. If you look at this close up you will see what needs doing

You can see the I< on the two diodes wires... that's the end the black end points towards! It has to be that way! So it will look like this:

And the jumper (green line) couldn't be easier... all you need to do is short them two pins together.

So we can begin soldering to the motherboard!

You will need some soldering skills and a steady hand here. My best method of soldering into these little sockets is to turn the board onto its side and press the soldering iron onto the rear of the hole, melting it so that you can slide the cable into the hole. A picture:

So using that tip, some wire (just ~3cm from the CAT5 cable) and the above installation instructions it should look like this:

Once it's done and secure I would recommend you cover it in insulation tape to stop any shorting. But that's it! Your console can now run the JTAG hack... all we need to do is install the LPT cable and write to the nand.

So now we have our JTAG hack diodes installed we now need to get the console ready for writing to the nand.

Making and installing the LPT cable



So now we have our Jtag wiring installed we now need to write the modded image (freeboot) but before we can do that we need to install the connection from our computer to the console... this will require more soldering btw.

So let's begin. First off, this can be done in two ways: install a permanent cable (I'm not going to go into it) or a temporary one (what I'm gonna do)

This cable is only needed once for reading and writing to the nand the modded image. For more experienced modders who will try loads of hacks to booting etc. I would recommend that you use your brain and create a socket that lets you write to the nand with the console closed up (most common method is get an ethernet coupler and make a hole under the HDD... this will be clearer later on in this spoiler.)

Anyway, the temporary method:
(I will do a more permanent method later if I get a client who requests it)

Right, first... we need to get our cat5 cable and cut it down so it is no more than 40cm (anything more and it will corrupt the data giving bad nand dumps, some PCs may need it shorter)

Now you want to cut about 9cm of the outer insulation (in my case the blue bit) so you can see 9cm of the 8 wires inside

Now we only need 7 wires so pick a colour and get rid of it

Now because I jtag a lot of consoles I want a more long-lasting cable so I am attaching stronger bits of metal to the end of my cable so I can solder and desolder easily. If you want to copy me all I did was dig out some heat shrink tubing (2.4MM) and some old resistors (using the metal from each end of it) and did this (below) to each side:

So now you have the cable made (if you don't want my fancy add-on just strip the wires down and neaten it up ready to solder into the holes) we can now get ready to solder on the console motherboard.

Take a look at this picture, the coloured dots are where you need to solder to, these will also be matched with a corresponding colour slot on the LPT port of the PC:

And they need to connect to here:

Now unless you have a multimeter and can test the voltage the PC outputs to the LPT, I would install the 5 100 ohm resistors to cables: Orange, Orange/White, Green, Blue and Blue/White.
The only way to tell if these are needed is if we get an error later on trying to read the nand, if we do we will take them off. I know in my case I don't need them so I won't bother with them but you all should.

So now you know where you need to solder to (we are only soldering to the motherboard, we only have to slide the cables into the PC port) we can get soldering! Here is a pic of what it should look like when we're done:

Now we have the cable wired on we are now ready to connect it up to our PC!

Let's move on!

So now we have our wiring done we now need to prepare our computer (the one with the LPT port) for dumping, making and writing to the nand... let's begin

Setting up the computer



First off we need a working OS (unlike mine)

Anyway, I believe your computer needs to be running 32 bit windows; xp, vista or 7 for this to work... make sure you have one of the three installed and you're ready to move on! - 64 also works

So now we have an OS we now need two programs. Xbins it is called.... it may show up as a Trojan virus as it's an ftp client but I can assure you it isn't, and if you don't trust me there's no other place of getting these files unless you get someone else to get them. The other program we need is Total Commander so that we can check the three nand dumps we get to make sure we don't have a corrupt copy. I have now released iHc NandTool which can do all of this easily with just one simple tool

You can download iHc Xbox 360 (free download, signup free) from here:
-Mediafire

You can download Xbins from the following locations: Rapidshare, Mediafire, Megaupload
You can download Total commander from here: Rapidshare, Mediafire, Mediafire

So once you have downloaded the file extract the contents to a folder... I called mine iHC Xbox 360, and launch iHc Xbox 360 from inside that folder

You will get the fancy ass loading screen:

Once it has loaded.. accept the update

Then at the top click Jtag tools and you will see iHC NandTool... just click that and it will open

Just leave it as it is for now.... and we will come back to it later.

Now we are ready to dump the nand! So we need to set up our console and get it connected to the PC and a power source

So first off get the console near to the LPT port and plug it into its power pack

Now going back to earlier:

You need to connect the console up to the LPT port...

This is what it should look like:

So now we have our wiring done, the program is in place... means it's time to dump the nand!

So we have the Jtag connected up to the computer, nandpro in place... let's dump the nand!... oh, just one more thing

PreDump CB Check (Make sure we can jtag)



So now if we have passed the CB check stage... we can now dump our nand!

Dumping the nand

Now to dump the nand go back to iHc NandTool and to configure it we need to select two options...

Connection Type and Motherboard Revision

Connection type is how your jtag is connected so we will click LPT and the motherboard revision...

As this tut is mainly for xenon I will select xenon... it should look like this:

Now... the simple bit... press Read from NAND... since I have moved on since this tut and now do all my dumping via USB I will have USB selected but it's the same process..

On first use the nandpro files may not have been downloaded, as to save space and download times it will only download the files needed for the user... say if you download it just to check dumps.. you wouldn't need these files (only 2 meg lol) but just for those with super slow speeds... anyway just click yes and the program will begin to download and continue when it's ready.

Hit dump nand and an ETA will pop out... this ETA is built from your nand size and connection method... for LPT it takes ~35 minutes and via USB ~2 minutes...

It will then confirm your choice with another messagebox saying how you're going to dump and how big a dump... all nands except jasper are 16MB so 16Mb should be displayed.

Once it has got to 3FF (on 16MB) it will say Press any key to continue..

Do what it says and you will get a save screen... save the dump somewhere and call it orig1.bin or something...

Repeat these dumping steps again so you get a 2nd dump then we can quickly check them... don't disconnect your jtag yet as you may need to get another dump...

So now we have 2 copies of our original nand? Let's check them then mod them!!!

Checking the nand images


Right... now this couldn't be any easier, on iHc NandTool press "Dump Compare" and it will load an open box.. select the first dump then press open... then another box will pop up, select your 2nd dump... once you click OK it will run the check process through:

If you get a screen like that, you're good to go! If however, like many people do, you get this message:

this means there was a little corruption in the dumping process... this is normal and it can sometimes take up to ~9 dumps to get an identical pair,

if your dumps are not correct... just go back, get another one and then run them through the checker again until you get two identical dumps...

When you have an identical dump, move on

So you got a good dump? Let's double check that it is okay to jtag this console


Checking the CB version (Make sure we can jtag)



If you did a predump CB check then you don't need to do this... move on

Now we have a nand image we now need to check the CB version to make sure the console is actually exploitable. I know you may have a 7371 dash or below but this also needs to be checked.

So to do this make sure that iHc NandTool is open and under "Nand Tools" click "Check CB"

An open file dialogue will open asking you to select your nand dump... click OK and you will get one of the following messages:

1)

2)

3)

If you get message 1... congratulations, you can move on as your console is jtaggable!
If you get message 2... I'm sorry, your console is not jtaggable at the present time (and a long time after)
If you get message 3... iHc NandTool could not read the CB version... this is either because you haven't selected a real nand dump or there is a bad read on some of the blocks... if you're 100% sure you have a real nand image, dump again a few times and try again..

So if you have a jtaggable console, move on... if you don't... sorry you just wasted your time but this is the only way of being 100% sure you can dump

Now we know for certain that our console can be jtagged, let's flash xell to the console

Installing Xell to get the CPU key



Right, go back to iHc NandTool and click the Get Xellous button... a message will pop up to download it asking if you want to get xellous for the motherboard you selected earlier...

Once you have clicked OK it will begin the download.

Then it will ask to save it... select where you want to save it and then we can write it...

Now click Write to NAND (MAKE SURE YOU HAVE 2 IDENTICAL NAND DUMPS FIRST!!!)

Then a window will open, select the file you downloaded... by default it should be called xellous_xenon.bin

and just confirm your selection...

A command window will open and you will have successfully written xellous

Got xell on your xbox? Now you can get your CPU key for the console,

Obtaining your CPU key


Right, so now you have xell installed to your xbox, turn your console on via the eject key, plugged into a tv and not the LPT port, and you should get a blue screen.

Now get a camera handy and when you turn it on, you should see this:

Now wait a second and you will see something like this

Now that ^^^ is what you want to take a picture of. The console fusesets.... if you look you will see sets 3&4 and 5&6 are identical... now take either set 3&4 and 5&6 and put them together. This makes your CPU key.

So mine are

Set 4: AF39DF25B0CD3878
Set 5: 36C083CF14E6E4D6

So my CPU key is: AF39DF25B0CD387836C083CF14E6E4D6

Note that down and save it! You will need it in the future!

Now it's safe to turn off your xbox once you get your key.

Now we have everything we need to build our Freeboot 0.032 image... let's move on

So we have our CPU key and original image, we can now make our freeboot image which will actually carry the hack

Making the freeboot 0.032 image



As I write this I have not finished my freeBOOT maker part so just follow this bit for now.

Right, there are three things we need to make this image:

Your CPU key
Your original nand dump
Freeboot Toolbox

You can download freeboot tool box from these mirrors: Rapidshare, Megaupload, Mediafire

Now, let's make our image...

Now make sure you have the correct motherboard revision selected and click Build FreeBOOT 0.032 image

If it's your first time it will ask to download the files... just click yes, they are 12Mb so may take a couple of minutes

The button will then turn into a text box and a small button... enter your CPU key in the text box and hit the GO button

Once you hit go, it will ask to locate your NAND dump... select one from earlier that was identical with another one and click open.

A console window will then load

it will then close and another one will open

then it will say "Press any key to continue"

Do as it says and a save window will open.. save the image as something like FreeBOOT.bin
then click save

It will then tell you where it is saved and offer additional info

After that you are done... now we can move on to writing the new FreeBOOT image back

Now we can move onto writing the image back.

So you're nearly there... made your image, now let's write it back.

Writing freeboot image back to xbox


Right, we're nearly there, you should be able to smell the ability to hack shizzles! We just need to get the modded freeboot image back onto the console,

now just click Write To NAND again, select the newly made freeBOOT image

and follow the prompts to get to the console window

Once it has written fully you have now jtagged your xbox! Congrats!

Once it's done, unplug the console from the computer, desolder the LPT cable. NOT THE TWO DIODES AND JUMPER! Just the 7 that go into the pc, unless you want to keep them of course, and your xbox will now officially be jtagged!

Well done for doing it yourself and not going off to buy one!

If you're wondering what to do now read on...

So you have successfully made yourself a jtag
What to do now you have a jtag

Thanks for reading this all, it took a few days to do... please leave any questions etc. in the thread below and I will do my best to help you.

If I helped, + rep
THIS IS COPIED AND PASTED FROM A DOCUMENT ON MY PC

dude, make some spoilers
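
The dump-and-compare step from the tutorial quoted above, as an added example that is not part of the original post and is not iHc NandTool's code. It splits each dump into the 0x400 blocks implied by the reader's 000 to 3FF counter (an assumption that holds only for the 16 MB case the post describes), lists the block numbers where two reads disagree, and refuses to accept a matching pair that is one repeated byte value, since two identical reads prove nothing if both are blank. File names and sample bytes are constructed.

```python
"""Block-wise comparison of repeated NAND dumps (constructed example)."""
import hashlib
from itertools import combinations
from typing import Dict, List, Optional, Tuple

# Assumption taken from the tutorial: a 16 MB NAND is read as blocks 0x000..0x3FF.
BLOCK_COUNT = 0x400


def is_uniform(dump: bytes) -> bool:
    """True if the dump is empty or a single byte value repeated (e.g. all 0xFF)."""
    return dump == dump[:1] * len(dump)


def block_digests(dump: bytes, block_count: int = BLOCK_COUNT) -> List[bytes]:
    """Hash each equal-sized block so two dumps can be compared block by block."""
    if not dump or len(dump) % block_count:
        raise ValueError("dump size is not a multiple of the block count")
    size = len(dump) // block_count
    return [hashlib.sha256(dump[i * size:(i + 1) * size]).digest()
            for i in range(block_count)]


def differing_blocks(a: bytes, b: bytes,
                     block_count: int = BLOCK_COUNT) -> List[int]:
    """Return the block numbers at which two dumps disagree."""
    if len(a) != len(b):
        raise ValueError("dumps differ in size; one read was truncated")
    pairs = zip(block_digests(a, block_count), block_digests(b, block_count))
    return [i for i, (x, y) in enumerate(pairs) if x != y]


def find_identical_pair(dumps: Dict[str, bytes]) -> Optional[Tuple[str, str]]:
    """Return the first two dump names with identical content, skipping blank reads."""
    seen: Dict[str, str] = {}
    for name, data in dumps.items():
        if is_uniform(data):
            continue  # a blank read matching another blank read is not a good dump
        digest = hashlib.sha256(data).hexdigest()
        if digest in seen:
            return seen[digest], name
        seen[digest] = name
    return None


def mismatch_report(dumps: Dict[str, bytes],
                    block_count: int = BLOCK_COUNT
                    ) -> Dict[Tuple[str, str], List[int]]:
    """For every pair of dumps, list the blocks that differ."""
    return {(a, b): differing_blocks(dumps[a], dumps[b], block_count)
            for a, b in combinations(dumps, 2)}


def make_sample() -> Dict[str, bytes]:
    """Constructed stand-ins for three reads: 0x400 blocks of 64 bytes each."""
    block = 64
    good = bytes((i * 7 + j) % 256
                 for i in range(BLOCK_COUNT) for j in range(block))
    bad = bytearray(good)
    bad[0x1A3 * block + 5] ^= 0xFF  # simulate one corrupted byte in block 0x1A3
    return {"orig1.bin": good, "orig2.bin": bytes(bad), "orig3.bin": good}


SAMPLE_DUMPS = make_sample()

if __name__ == "__main__":
    for (a, b), blocks in mismatch_report(SAMPLE_DUMPS).items():
        status = "identical" if not blocks else "differ at blocks " + \
            ", ".join(f"{n:03X}" for n in blocks)
        print(f"{a} vs {b}: {status}")
    print("usable pair:", find_identical_pair(SAMPLE_DUMPS))
```

Knowing which block numbers differ shows whether repeated reads keep failing in the same place or at random positions, which the yes/no result of a whole-file compare does not.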
#45. Posted:
KaplanCrunch
  • TTG Addict
Status: Offline
Joined: Mar 01, 2010 (14 Year Member)
Posts: 2,223
Reputation Power: 101
TTG_XENONJESSE wrote
jpk98 wrote Hello there, you are looking at my massive tut on how to jtag an xbox from start to finish. If you want to jtag your console and don't know where to start, this is where you wanna be!

UPDATE: This tutorial is now fully updated so that you need one and only one program... iHc NandTool, developed by me. A full list of features and updates on iHc NandTool can be found here: [ Register or Signin to view external links. ]

Download link for iHc Xbox 360 (update it and you get signup free access to iHc NandTool) can be found here: [ Register or Signin to view external links. ]

YOU NEED .NET FRAMEWORK 3.5 OR ABOVE FOR THE PROGRAM TO WORK!: [ Register or Signin to view external links. ]

UPDATE: Using NAND-X feature has been added

UPDATE2: My iHc NandTool is used instead to make it easier

So let's begin....

This tut will be done on a xenon console and the jtag wiring (diodes) will be different for other revisions, other than that it will always be the same

This is gonna be long, compacted and you are gonna need a lot of things.

Requirements


Parts list and quantities from maplins (UK) - (you can get from alternative sources if you wish)


They're the physical parts ^^^ now some things you need in your house...

A tidy work area:

A computer with one of these badboy ports (LPT port, usually used for printers)

A victim to exploit:

So an overview of the above... This is what you need:
x6 100 ohm Resistors (dependent on your computer (get them to be safe))
x3 Switching Diodes
1m of Cat 5 ethernet cable
A PC with a LPT port
Some solder and a soldering iron

Now you are ready to jtag your console (besides the software downloads... we'll do them later)




NEW: NAND-X ALTERNATIVE TUTORIAL




So, we have the parts we need? Let's get to installing the new exploit wiring

Installing JTAG Wiring

So first off we need to open the xbox and remove the motherboard from the casing... the console I have had RROD so I will remove the heatsinks as well but you don't need to do that.

To open the XBOX you will need a T8 and a T10 screwdriver along with a very small (1.2MM) flathead screwdriver... I do not have a tut on how to open it but if anyone has a good video feel free to post it and I will use it.

Now you have removed the motherboard, chuck all the junk off your clean workspace and put the motherboard on there... first off we want to know where we are working... look at this picture below:

wiring is spelt like this <<< I am aware lol

That is the area where we will be working and I added some quick lines (took me ages really ¬¬) to show where we will have to solder to for the jtag hack to work.

Now we are going to install the two diodes and the jump wire. If you look at this close up you will see what needs doing

You can see the I< on the two diodes wires... that's the end the black end points towards! It has to be that way! So it will look like this:

And the jumper (green line) couldn't be easier... all you need to do is short them two pins together.

So we can begin soldering to the motherboard!

You will need some soldering skills and a steady hand here. My best method of soldering into these little sockets is to turn the board onto its side and press the soldering iron onto the rear of the hole, melting it so that you can slide the cable into the hole. A picture:

So using that tip, some wire (just ~3cm from the CAT5 cable) and the above installation instructions it should look like this:

Once it's done and secure I would recommend you cover it in insulation tape to stop any shorting. But that's it! Your console can now run the JTAG hack... all we need to do is install the LPT cable and write to the nand.

So now we have our JTAG hack diodes installed we now need to get the console ready for writing to the nand.

Making and installing the LPT cable



So now we have our Jtag wiring installed we now need to write the modded image (freeboot) but before we can do that we need to install the connection from our computer to the console... this will require more soldering btw.

So let's begin. First off, this can be done in two ways: install a permanent cable (I'm not going to go into it) or a temporary one (what I'm gonna do)

This cable is only needed once for reading and writing to the nand the modded image. For more experienced modders who will try loads of hacks to booting etc. I would recommend that you use your brain and create a socket that lets you write to the nand with the console closed up (most common method is get an ethernet coupler and make a hole under the HDD... this will be clearer later on in this spoiler.)

Anyway, the temporary method:
(I will do a more permanent method later if I get a client who requests it)

Right, first... we need to get our cat5 cable and cut it down so it is no more than 40cm (anything more and it will corrupt the data giving bad nand dumps, some PCs may need it shorter)

Now you want to cut about 9cm of the outer insulation (in my case the blue bit) so you can see 9cm of the 8 wires inside

Now we only need 7 wires so pick a colour and get rid of it

Now because I jtag a lot of consoles I want a more long-lasting cable so I am attaching stronger bits of metal to the end of my cable so I can solder and desolder easily. If you want to copy me all I did was dig out some heat shrink tubing (2.4MM) and some old resistors (using the metal from each end of it) and did this (below) to each side:

So now you have the cable made (if you don't want my fancy add-on just strip the wires down and neaten it up ready to solder into the holes) we can now get ready to solder on the console motherboard.

Take a look at this picture, the coloured dots are where you need to solder to, these will also be matched with a corresponding colour slot on the LPT port of the PC:

And they need to connect to here:

Now unless you have a multimeter and can test the voltage the PC outputs to the LPT, I would install the 5 100 ohm resistors to cables: Orange, Orange/White, Green, Blue and Blue/White.
The only way to tell if these are needed is if we get an error later on trying to read the nand, if we do we will take them off. I know in my case I don't need them so I won't bother with them but you all should.

So now you know where you need to solder to (we are only soldering to the motherboard, we only have to slide the cables into the PC port) we can get soldering! Here is a pic of what it should look like when we're done:

Now we have the cable wired on we are now ready to connect it up to our PC!

Let's move on!

So now we have our wiring done we now need to prepare our computer (the one with the LPT port) for dumping, making and writing to the nand... let's begin

Setting up the computer



First off we need a working OS (unlike mine)

Anyway, I believe your computer needs to be running 32 bit windows; xp, vista or 7 for this to work... make sure you have one of the three installed and you're ready to move on! - 64 also works

So now we have an OS we now need two programs. Xbins it is called.... it may show up as a Trojan virus as it's an ftp client but I can assure you it isn't, and if you don't trust me there's no other place of getting these files unless you get someone else to get them. The other program we need is Total Commander so that we can check the three nand dumps we get to make sure we don't have a corrupt copy. I have now released iHc NandTool which can do all of this easily with just one simple tool

You can download iHc Xbox 360 (free download, signup free) from here:
-Mediafire

You can download Xbins from the following locations: Rapidshare, Mediafire, Megaupload
You can download Total commander from here: Rapidshare, Mediafire, Mediafire

So once you have downloaded the file extract the contents to a folder... I called mine iHC Xbox 360, and launch iHc Xbox 360 from inside that folder

You will get the fancy ass loading screen:

Once it has loaded.. accept the update

Then at the top click Jtag tools and you will see iHC NandTool... just click that and it will open

Just leave it as it is for now.... and we will come back to it later.

Now we are ready to dump the nand! So we need to set up our console and get it connected to the PC and a power source

So first off get the console near to the LPT port and plug it into its power pack

Now going back to earlier:

You need to connect the console up to the LPT port...

This is what it should look like:

So now we have our wiring done, the program is in place... means it's time to dump the nand!

So we have the Jtag connected up to the computer, nandpro in place... let's dump the nand!... oh, just one more thing

PreDump CB Check (Make sure we can jtag)



So now if we have passed the CB check stage... we can now dump our nand!

Dumping the nand

Now to dump the nand go back to iHc NandTool and to configure it we need to select two options...

Connection Type and Motherboard Revision

Connection type is how your jtag is connected so we will click LPT and the motherboard revision...

As this tut is mainly for xenon I will select xenon... it should look like this:

Now... the simple bit... press Read from NAND... since I have moved on since this tut and now do all my dumping via USB I will have USB selected but it's the same process..

On first use the nandpro files may not have been downloaded, as to save space and download times it will only download the files needed for the user... say if you download it just to check dumps.. you wouldn't need these files (only 2 meg lol) but just for those with super slow speeds... anyway just click yes and the program will begin to download and continue when it's ready.

Hit dump nand and an ETA will pop out... this ETA is built from your nand size and connection method... for LPT it takes ~35 minutes and via USB ~2 minutes...

It will then confirm your choice with another messagebox saying how you're going to dump and how big a dump... all nands except jasper are 16MB so 16Mb should be displayed.

Once it has got to 3FF (on 16MB) it will say Press any key to continue..

Do what it says and you will get a save screen... save the dump somewhere and call it orig1.bin or something...

Repeat these dumping steps again so you get a 2nd dump then we can quickly check them... don't disconnect your jtag yet as you may need to get another dump...

So now we have 2 copies of our original nand? Let's check them then mod them!!!

Checking the nand images


Right... now this couldn't be any easier, on iHc NandTool press "Dump Compare" and it will load an open box.. select the first dump then press open... then another box will pop up, select your 2nd dump... once you click OK it will run the check process through:

If you get a screen like that, you're good to go! If however, like many people do, you get this message:

this means there was a little corruption in the dumping process... this is normal and it can sometimes take up to ~9 dumps to get an identical pair,

if your dumps are not correct... just go back, get another one and then run them through the checker again until you get two identical dumps...

When you have an identical dump, move on

So you got a good dump? Let's double check that it is okay to jtag this console


Checking the CB version (Make sure we can jtag)



If you did a predump CB check then you don't need to do this... move on

Now we have a nand image we now need to check the CB version to make sure the console is actually exploitable. I know you may have a 7371 dash or below but this also needs to be checked.

So to do this make sure that iHc NandTool is open and under "Nand Tools" click "Check CB"

An open file dialogue will open asking you to select your nand dump... click OK and you will get one of the following messages:

1)

2)

3)

If you get message 1... congratulations, you can move on as your console is jtaggable!
If you get message 2... I'm sorry, your console is not jtaggable at the present time (and a long time after)
If you get message 3... iHc NandTool could not read the CB version... this is either because you haven't selected a real nand dump or there is a bad read on some of the blocks... if you're 100% sure you have a real nand image, dump again a few times and try again..

So if you have a jtaggable console, move on... if you don't... sorry you just wasted your time but this is the only way of being 100% sure you can dump

Now we know for certain that our console can be jtagged, let's flash xell to the console

Installing Xell to get the CPU key



Right, go back to iHc NandTool and click the Get Xellous button... a message will pop up to download it asking if you want to get xellous for the motherboard you selected earlier...

Once you have clicked OK it will begin the download.

Then it will ask to save it... select where you want to save it and then we can write it...

Now click Write to NAND (MAKE SURE YOU HAVE 2 IDENTICAL NAND DUMPS FIRST!!!)

Then a window will open, select the file you downloaded... by default it should be called xellous_xenon.bin

and just confirm your selection...

A command window will open and you will have successfully written xellous

Got xell on your xbox? Now you can get your CPU key for the console,

Obtaining your CPU key


Right, so now you have xell installed to your xbox, turn your console on via the eject key, plugged into a tv and not the LPT port you should get a blue screen.

Now get a camera handy and when you turn it on, you should see this:




now wait a second and you will see something like this




Now thats ^^^ is what you want to take a picture of. The console fusesets.... if you look you will see set's 3&4 and 5&6 are identical... now take either set 3&4 and 5&6 and put them together. This makes your CPU key.

So mine are

Set 4: AF39DF25B0CD3878
Set 5: 36C083CF14E6E4D6

So my CPU key is: AF39DF25B0CD387836C083CF14E6E4D6

Note that down and save it! you will need it in the future!

Now it's safe to turn off your xbox once you get your key.

Now we have everything we need to build our Freeboot 0.032 image... let's move on



So we have our CPU key and original image, we can now make our freeboot image that will actually carry the hack

Making the freeboot 0.032 image



as I write this I have not finished my freeBOOT maker part so just follow this bit for now.

Right, there are three things we need to make this image:

Your CPU key
Your original nand dump
Freeboot Toolbox

You can download freeboot tool box from these mirrors: Rapidshare, Megaupload, Mediafire


Now, let's make our image...

now make sure you have the correct motherboard revision selected and click Build FreeBOOT 0.032 image

if it's your first time it will ask to download the files... just click yes, they are 12Mb so may take a couple minutes



The button will then turn into a text box and a small button... enter your CPU key in the text box and hit the GO button



once you hit go, it will ask to locate your NAND dump... select one from earlier that was identical with another one and click open.

A console window will then load

it will then close and another one will open

then it will say "Press any key to continue"

do as it says and a save window will open.. save the image as something like FreeBOOT.bin
then click save

it will then tell you where it is saved and offer additional info

after that you are done... now we can move on to writing the new FreeBOOT image back


Now we can move onto writing the image back.



So you're nearly there... made your image, now let's write it back.

Writing freeboot image back to xbox


Right, we're nearly there, you should be able to smell the ability to hack shizzles! We just need to get the modded freeboot image back onto the console,

now just click Write To NAND again, select the newly made freeBOOT image

and follow the prompts to get to the console window

once it has written fully you have now jtagged your xbox! congrats!

once it's done, unplug the console from the computer, desolder the LPT cable. NOT THE TWO DIODES AND JUMPER! Just the 7 that go into the pc, unless you want to keep them of course, and your xbox will now officially be jtagged!

Well done for doing it yourself and not going off to buy one!

If you're wondering what to do now read on...



So you have successfully made yourself a jtag
What to do now you have a jtag





Thanks for reading this all, it took a few days to do... please leave any questions etc. in the thread below and I will do my best to help you.

if i helped, + rep
THIS IS COPIED AND PASTED FROM A DOCUMENT ON MY PC


dude, make some spoilers
what do you mean?
#46. Posted:
TTG_Prod
  • TTG Addict
Status: Offline
Joined: Apr 28, 2010 (14 Year Member)
Posts: 2,706
Reputation Power: 153
Mod3rat3r wrote Ye some1 needs to sticky this


How this kid copied and pasted from s7 so why should it be stickied?
#47. Posted:
KaplanCrunch
  • TTG Addict
Status: Offline
Joined: Mar 01, 2010 (14 Year Member)
Posts: 2,223
Reputation Power: 101
TTG_Prod wrote
Mod3rat3r wrote Ye some1 needs to sticky this


How this kid copied and pasted from s7 so why should it be stickied?
I found this in my PC for some reason and yes, I said it's copied and pasted, but I figure it would help out TTG members, so stop flaming, and if it's that big of a problem I will just delete the post
#48. Posted:
KaplanCrunch
  • TTG Addict
Status: Offline
Joined: Mar 01, 2010 (14 Year Member)
Posts: 2,223
Reputation Power: 101
Status: Offline
Joined: Mar 01, 201014Year Member
Posts: 2,223
Reputation Power: 101
brov516 wrote AMAZING post. You should clean it up like put caps and colors and it for sure will get a sticky.


-brov
done
#49. Posted:
Midview13
  • TTG Addict
Status: Offline
Joined: Dec 31, 2009 (14 Year Member)
Posts: 2,987
Reputation Power: 180
Should be stickied? lol.. 95% Chance this was copy and paste.. Explains why there aren't any pictures. Sooo. NO
#50. Posted:
KaplanCrunch
  • TTG Addict
Status: Offline
Joined: Mar 01, 2010 (14 Year Member)
Posts: 2,223
Reputation Power: 101
Midview13 wrote Should be stickied? lol.. 95% Chance this was copy and paste.. Explains why there isn't any pictures. Sooo. NO
I don't care about sticky, I said it was copy and paste so stop flaming me